Ban against a single blog post leads Turkish ISPs to censor all of WordPress

Last week, a Turkish court ordered an access ban on a single post in the vast sea of more than 60 million individual blogs on WordPress. But for many users, that meant their Internet service providers blocked WordPress entirely.

It’s a move that shows the scope of Turkey‘s Internet law, the power of judges who may not fully understand online media, and the technical capacities of Turkish ISPs, which, under the heavy pressure of President Recep Tayyip Erdo?an’s rule, have turned into instruments of censorship.

The access ban on WordPress was first confirmed by Serhat Koç, a lawyer and a member of Turkey’s Pirate Party (“Korsan Parti”) on the evening of March 19. Soon after, Koç traced the original court order:

The order clearly bans access to a single URL, one that leads to a post at a blog called Hukukta ?ntihal. It’s a strange thing to ban: The post in question is a copy of a blog posted originally by Prof. Kemal Gözler on his own personal site. In it, he accuses fellow professor Ramazan Ça?layan of plagiarism; the original post led to a string of defamation lawsuits. Responding to an email, Gözler said the blog wasn’t his. The entirety of the rest of the Hukukta ?ntihal blog consists of two other posts about plagiarism from different authors.

It is the second sentence in the order, however, that caused the complete ban of WordPress in the country. “If the access to the single page cannot be possible due to technical reasons,” it reads, “block access to wordpress.com.”

This is a common censorship practice under Erdo?an’s rule: Knowing that blocking access to a single page under a secure HTTPS connection is technically difficult, Turkey’s Internet law allows ISPs to block an entire domain.

Indeed, soon after the court order, multiple subscribers to at least two major Turkish ISPs, Kablonet and Turkcell’s mobile network, said they couldn’t access WordPress at all.

The latest amendments to Turkey’s Internet law were conspicuously introduced right after the 2013 corruption scandal, which was widely leaked on social media, surrounding the family and cabinet of then-Prime Minister Recep Tayyip Erdo?an, who is now president. Turkish ISPs are now required to implement banning orders within four hours, provide user data to authorities, and must prevent alternative ways that circumvent censorship.

Just as Russia maintains an Internet blacklist, Turkey’s Internet watchdog keeps a list of websites banned in the country. There’s even a website to check whether a domain is banned; however, it’s incomplete, and the government rejected my information requests to obtain this list.

An anonymous group of activists has been crowdsourcing to tally the blacklisted websites, and has so far listed more than 70,000 websites that are banned in Turkey. According to this data, only 3 percent of the websites were banned by court orders, while 94 percent were simply decided by the government watchdog body known as T?B.

But if Turkey can order its ISPs to censor websites, why does it bother showing court orders to American social media sites to block pages it doesn’t like?

The reason that Turkey had to request Google, Facebook, and Twitter to remove content is because they use SSL certificates, which secures users’ communication with their servers. (SSL certificates are what allow the implementation of HTTPS.) They’re technically quite difficult to intercept, but these companies still bow down to Turkey’s requests. Why? Because Erdo?an has completely banned access to their domains time and again when they failed to comply.

Now, however, Erdo?an may no longer need these companies’ collaboration to censor online political opposition.

IP blocking, DNS hijacking and deep packet inspection

The easiest method to censor a website is by blocking its IP address, preventing the site from loading at all. But a more sophisticated method is filtering by domain name service (DNS), which is essentially an address book for the Web. Since every ISP runs their own DNS, filtering the entry for a domain will make the website disappear for their customers.

When Turkey blocked WordPress in August 2007, TTNET, Turkey’s largest ISP, said it had added the whole wordpress.com domain into the DNS filter “accidently,” though it took eight months to unblock. However, uers were still able to change their DNS to circumvent this sort of censorship.

Enter DNS hijacking.

When Turkey has blocked YouTube and Twitter during the local elections last spring, Turk Telekom, the privatised telecommunications network of Turkey, hijacked Google’s Open DNS to ensure complete censorship of the corruption scandal.

The same technique is now being used against WordPress. Journalists Do?u Ero?lu showed me what TTNET users see when they go the WordPress blog post that was banned by the court late last month:

A few technical experts I talked on this matter told me that DNS filtering would be sufficient to block a WordPress blog—either HTTP or HTTPS—because blogs have their own subdomain name. But others argue that it’s necessary to employ deep packet inspection (DPI) to reach TTNET’s level of censorship. Ahmet Sabanc?, a digital activist and a member of the Alternative Informatics Association in Turkey, notes that in order to prevent censorship circumvention (which, again, is required by law) ISPs would need to use DPI, which takes online oppression to a whole new level.

A privatised Turkish firewall

DPI, reportedly used by China and Iran for censorship, and reportedly by the U.S. National Security Agency (NSA) for surveillance, is already in use by Turkish ISPs for targeted advertising.

Phorm, an online advertising company that employs DPI, has partnered with TTNET since 2012. The company has caused much concern in the U.K. for collecting user information without consent. And despite being fined in Turkey for similar violations of law, its operations grew thanks to new partnerships with other Turkish ISPs.

The tracking javascript codes employed by Phorm’s DPI technology has been found on most visited Turkish news websites. Additionally, on a TTNET connection I tested, the proxy redirects from opposition news websites to Phorm servers, adding credence to the concerns of political profiling of Turkish Internet users.

In addition, Turk Telekom has been able to implement a firewall, similar to China’s Great Firewall, on Internet service it provides to Turkish schools and dorms. Since 2011, Facebook, Twitter, YouTube, and many other websites have remained inaccessible to teachers and students. When I tested this firewall within a school network, my browser reported an untrusted security certificate between me and Facebook. Such practices are well documented; for example, Turkey’s fraudulent security certificates were revoked for impersonating google.com in a man-in-the-middle attack in 2013.

With no transparency from the ISPs and no accountability from the government, Turkish Internet users remain in the dark. And the advanced censorship technologies pushed by Erdo?an’s machine only lengthens the shadow on freedom of speech in Turkey.

Efe Kerem Sözeri is a Turkish freelance researcher who lives in the Netherlands. After studying political science in Istanbul, he moved to Amsterdam to study migrants' political behavior. Besides his academic work, he regularly writes on internet freedom and censorship in Turkey.